What is a Web Application Firewall (WAF)?

Traditional network firewalls (Layer 3-4) do a great job of preventing outsiders from accessing internal networks, but they offer little to no protection for application-layer traffic. Today, threat vectors are being introduced at all layers of the network. For example, the Slowloris and HTTP Flood attacks are Layer 7 attacks; a traditional network firewall would never stop them, and your application would still go down if/when it gets hit by one. It's important to defend your network with more than just a traditional Layer 3-4 firewall. That's where a Web Application Firewall (WAF) comes in. In this video, John outlines what a WAF is and why your web application needs one.

Comments

I would also add that the reason to have WAFs is it's faster to adjust firewalls than rewrite an application. If your application has a security flaw, adjusting the firewall to "cover" that "weak spot" so to speak is much easier than fundamentally changing the architecture of your app. As humans we strive for perfection, that's why we have secure code standards and such. But the chase for perfection is without end and the app ultimately needs to be deployed, to perform its function, so it's much more productive to design safe apps to the best of your abilities while being efficient and use WAFs as a frontline defense.

Weaverx

I like this. Being non-tech, I was grappling with the concept. The visual presentation here and the back-to-basics kind of instruction are exactly what I need. THANK YOU👍

gaudia

Great explanation!!! Thank you for your effort.

sumitrapyakurel

Can we just take a moment to appreciate the crazy visual. You're writing on a glass board (or so it appears) while looking at the cam, and it's legible as we see it in the direction you write, which should be mirror reflected. It should look backwards... Great job Cam crew, good job John.

DGonz-

Great presenter. Very simple to follow and easy to listen to.

lillysvids

I concur with Trevor, you present very well and it helps "owning the content"✨👍
Sometimes network forensics and security can seem like Romulan..

davidkamaunu

This is so amazing! What a great resource :)

grom

Lovely... Thank you very much.. Due to your excellent presentation, I will start my journey to security from today

adityajain

Good content and clear explanation, liked and subscribed, keep bringing them

tempestboya

Great video!!!! Clear explanation, thank you

jitrammaharjan

Awesome explanation! Keep up the great work.

cisoglobalinc

I would have liked to see a couple of details about how it works out. Show code/details on how a specific attack is blocked.


I see the WAF as being valuable to quickly block off things that are learned until the application can be changed. That seems to go against what I see in the field though, since those who use a WAF often lack the commitment to go fix the core problem in the app later. That is surprising on the one hand, but not when leadership tendencies are considered.

bradandrews

Thank you!! You're a great teacher :)

vortical

I am happy about finding this awesome tutorial, thanks a lot

saraafshar

How is he writing backwards? It's hard to stay focused because it's too cool

wtang

Great explanation! Thank you.
Quick question: in general, can WAFs protect against LDAP injections as well?

hessamzahedi

It would be nice if there were subtitles!

JavaDeveloperForFun

"ack el" that's the first time I have heard ACL pronounced like that :D

treesus

The thing is that traditional firewalls are no longer used and were replaced by NGFWs, which work at the application layer... How would you compare a WAF vs. an NGFW? Regards!

emanueladrianarias

I hope I will get judgement about this.. Thank you very much..

rohitmv